Setting up FortiAuthenticator as an IdP

Go to Authentication > SAML IdP > General and select Enable SAML Identity Provider portal.

Configure the following settings:

Setting	Definition
Device FQDN	To configure this setting, you must enter a Device FQDN in the System Information widget in the Dashboard.
Server address	Enter the IP address or FQDN of the FortiAuthenticator device.
Username input format	Select one of the provided options. In our example, we used username@realm.
Realms	Select Add a realm to add the default local realm to which the users will be associated.
Login session timeout	Set the user’s login session timeout limit to between 5 – 1440 minutes (one day). In our example, we used `500 minutes`.
Default IdP certificate	Select a default certificate the IdP uses to sign SAML assertions from the dropdown menu.

Setting

Definition

Device FQDN

To configure this setting, you must enter a Device FQDN in the System Information widget in the Dashboard.

Server address

Enter the IP address or FQDN of the FortiAuthenticator device.

Username input format

Select one of the provided options. In our example, we used username@realm.

Realms

Select Add a realm to add the default local realm to which the users will be associated.

Set the user’s login session timeout limit to between 5 – 1440 minutes (one day). In our example, we used 500 minutes.

Default IdP certificate

Select a default certificate the IdP uses to sign SAML assertions from the dropdown menu.